Access Management
Determine who can do what
Secure authorization management in Active Directory and in the cloud:
Manage hybrid IT landscapes with dynamic group management in IDM-Portal.
The user perspective
Employees expect that everything is running smoothly at work.
Authorization management ensures that they have access to relevant
drives
data
distribution lists
without waiting times and error messages.
What happens technically behind the scenes doesn’t interest them:
The solution
Create groups and assign memberships
Authorization management in IDM-Portal is easy and well-organized.
Groups and group members are added or removed via ‘drag & drop’ .
It is simple and straightforward so that non-IT department heads or HR staff can do the job.
They assign memberships directly within a user’s profile or use the section ‘Groups’ to create new groups and add members.
For the administrator, this means a massive reduction in workload,
for the end user best working conditions.
Practical applications – Three examples
Permission groups
Create authorization groups
in IDM-Portal and assign members.
Email distribution lists
Create email distribution lists
for sending email messages.
Department groups
Specify department groups and
add relevant employees.
Active Directory and Cloud – Connect both worlds
Are you one of those companies that are opening up towards the cloud?
Then you are probably wondering how access management works in AD and in Azure AD.
The quick answer: IDM-Portal handles both tasks.
What happens when you make changes in Active Directory through IDM-Portal?
IDM-Portal works with your Active Directory. As a result, all changes are made directly to the AD.
This applies to group memberships as well as all other properties (department, phone number and other data).
In a hybrid environment, we turn on a powerful synchronization of the data with Azure AD.
This way, both directories are at the same up-to-date status.
Main features – Access management
Edit group memberships directly in the user profile
Permissions can be set up directly in the user’s profile.
Conveniently view all Active Directory groups or search for the relevant groups.
Simply select the required groups.
By using ‘drag & drop’ the groups can be easily moved over to the user’s profile.
Access management from a group perspective
Get all your Active Directory and Azure AD group and permissions management done in IDM-Portal.
In the menu tab ‘Groups’ you manage groups and group members. Alternatively, you delegate the editing to the owner of the group.
Select those employees who you want to add as members of the group. You can also remove users by using the ‘drag and drop’ function.
Access rights assigned by helpdesk and manager
Usually, head of departments or help desk team members are not able to grant permissions for their own resources. Use IDM-Portal to delegate the access rights management to the owner.
The following tasks can be delegated, depending on the role of the user:
- Create new mail or permission groups
- Add or delete new members
- Trigger workflows that lead to approvals
Windows does not offer a user-friendly front end tool for normal users to manage department groups. With IDM-Portal, group and user management tasks do not need to be exclusively in the hands of IT admins anymore.
Integration of approval workflows
Configure which groups and data changes require approval in IDM-Portal. Define which persons must agree to the application process.
The approval-based workflow includes clearly defined steps:
- Applicants save changes in the IDM portal
- Approvers are automatically informed
- Decision is made via approval web interface
Key decision makers drive the process.
Key users are involved and fully informed.
The advantages
Simple assignment of permissions
All access rights from day 1
Automated authorizations
Noticeable relief
for IT
Role-based delegation
Time and cost savings
Automate with concept – without manual group administration
If your main goal is to save time and assign permissions effectively and fast you should solve access management tasks conceptionally.
What are the criteria for the permissions?
IDM-Portal speaks PowerShell and offers multilayered possibilities for automation.
At best you will not need AD group management anymore.
Tip from the expert
The best way to implement an authorization concept is to approach the subject from two sides.
We are happy to explain why. Standard cases can already be easily handled
via IDM-Portal’s user management.
Also, actively involve your resource owners by letting them manage the groups themselves
or trigger approval workflows.